Out-of-bounds read in ImageMagick - CVE-2017-14607

 


Published: December 27, 2017


Vulnerability identifier: #VU9806
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-14607
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: ImageMagick.org
Affected software:
ImageMagick

Detailed vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause a denial-of-service (DoS) condition on the target system.

The weakness exists due to an out-of-bounds read flaw related to the ReadTIFFImage function in coders/tiff.c. A remote attacker can provide a specially crafted image file and read arbitrary data or cause the application to crash.

How to mitigate CVE-2017-14607

Install the update from the vendor's website.

Sources